The connection to the Microsoft Exchange Server is unavailable. Outlook must be online or connected to complete the action

I don't think it's a fragmentation problem, unless a particular computer can have the problem.

This user just tried connecting with a laptop running 32bit XP and Outlook 2007 and got right on... from the same location... through the same router... over the same vpn connection.

The machine he can't connect from is a win7 64-bit running outlook2010 (though he gets this error just setting up the connection in Control Panel | Mail so I don't see how it can be an outlook problem).

I wonder if it's a 64-bit windows problem of some kind.

Actually, it's not necessarily a particular computer that can have fragmentation issues, but a particular network component can be the cause. I used to have a sitecom router at home that caused similar problems untill I upgraded the firmware. You could try setting up a vpn with this system from a different location or replace the router.
In any case, I still wouldn't rule out the VPN as the cause...

I will have answers to the questions tomorrow.  I'm taking an office computer home with me tonight.

I've conducted many tests now from 3 different locations (other people helping me) -- locations in different states and time zones, locations that all have different wireless/router hardware connecting to the internet.

The results are 100% consistent.

In all cases, the test is:

Run Office 2010 locally on the test computer, connect via VPN to the home office which hosts the Exchange 2010 Server.

These are the results:

32-bit XP ............... Success
32-bit Windows 7 ... Success
64-bit Windows 7 ... Fail

These results are absolutely consistent over several different machine types, wireless connection routers, wired routers, and vpn hardware firewalls.

It does not matter what you change, you get the same results.

Is it 64-bit Windows 7?  Yes?   Then it fails.

I am going to try to get my hands on a 64-bit XP machine to test with next.

g4ugm:

Regarding some of your questions (didn't get to them all):

1. No need for the server address in the hosts file.  I was just "making sure".  But the 32-bit machines work without the server address in the hosts file.  And the 64-bit win7 fails with or without.

2. Most of the machines tested have already been joined to the domain but I have one 32-bit XP that in my home that is a desktop, never joined to the domain, and runs Outlook over vpn to Exchange 2010 without a problem.

3.  Everything else succeeds over the vpn connection.  File share, outlook connection to the old exchange 2003 server (using a different mailbox account, of course), everything.  To paraphrase Jules talking to The Wolf: The VPN is Tip Top.

4. Cached mode doesn't matter.  The failure happens on the "check name" screen.  You can check and uncheck cached mode all you want, when you hit that "check name" button you get the failure.

5.  I am in the office now, with a 64-bit Windows 7 machine (an HP HDX) that I took home last night to test, and it works fine on the LAN.  Runs outlook 2010, connects to exchange server 2010, email send, email receive, public folders, calendar, all of it, all good.

well sorry, but i am as puzzled as you are.

I can't see why outlook would be any different between x.64 and x.32

What VPN product do you use?

I have ISA Server 2006 running at a home site and two remote sites (site-to-site vpn).

People who are outside either of those sites use windows new connection wizard, create a "workplace" vpn and then use that vpn connction to log in with their domain account.

It doesn't matter if you are at one of the remote sites (site-to-site vpn) or logging in on a temporary vpn connection from home (or starbucks, etc), the result is the same:

32-bit XP ............... Success
32-bit Windows 7 ... Success
64-bit Windows 7 ... Fail

Just as an example, I am including a screen shot of the vpn connection on my home computer, an XP machine that has no problem connecting to the exchange2010 over the vpn.


 

I just found this:

http://support.microsoft.com/kb/244474

if you go into the mapi profile (the mail icon on control panel) , open the account settings, on the security tab, you can set the authentication to NTLM rather than kerberos if your DCs support it.

I know its not as secure....

We previously had tried switching to NTLM but I tried it again, on your suggestion, just to be sure.

It did not affect the problem.  The problem is still the same.

I also tried forcing kerberos over tcp using http://support.microsoft.com/kb/244474, but it also did not affect the problem.

The problem is still the same.

Just a thought, but why not use Outlook Anywhere?
You have all the elements to make it a relatively easy setup...

MNH1966:

Outlook Anywhere also fails.

I think it is a packet problem and I want to use your links to troubleshoot but they involve vpn-over-ipsec and I have vpn-over-ppp.

Should I switch to ipsec to fix this (on the ISA 2006 server)?

Although the article doesn't mention VPN explicitely, it won't hurt to try this:
http://support.microsoft.com/kb/913843

I'll see if I can find more. I wouldn't switch to IPSEC just yet. It can be pretty complicated, especially if you're not experienced in using certificates...

MNH1966, that didn't work.

I actually have a support incident open with Microsoft on this and I will definitely post the results here.

I've been working with them for days on it and it looks to me (although they are not saying this yet) that Outlook 2010 64-bit over VPN (on ISA2006) to Exchange 2010 is incompatible.

Switching to Outlook 2010 32-bit definitely fixes the problem but there are purists who only want to run 64-bit programs on their 64-bit machines.

Anyway, I really appreciate all the help I received on this question and, like I said, I will be posting final results.

Thanks for all your hellp.  I think the issue is isa2006 not supporting outlook2010 64-bit connections.